When defining an API, is there a way to enforce validation of my companies API standards across all teams and all APIs they create?
There are a few ways to answer this question depending on the standards that are being enforced.
There’s a linter called Spectral that can be used to validate your company’s API specifications against a list of rules.
If you’re using the API Builder in Postman, you can write a script to pull down those API schemas and validate them using Spectral. Here’s a shell script example that uses postmanctl, named lint-api-from-postman.sh.
If you’re not using a description format for APIs (such as OpenAPI) but still want to validate design, you can use the postmanctl CLI to pull down collections and run custom validation.
You can create a boilerplate project with development-time controls in place for the pre-request and test phases. Sharing this among the team and using postman-cli to update your collections could be helpful.
- You can pull down and scan through the collection data using the Postman API or postmanctl to make sure authorization controls are in place.
- You can have tests to ensure requests are being sent with authorization in place. These can be run manually using the Collection Runner in Postman or with newman.
- You can pull down and scan through environment data using the Postman API or postmanctl.
Is there another set of standards you’re thinking about, specifically, that’s not in the domain of design, development, or security? I’d love to know!
That’s what I was looking for.